打不死的Trojan病毒(能帮我看看吗?)【求助】 bbs.ikaka.com

ilovemocha - 2006-6-14 23:11:00

不知道为什么,我的电脑总出现这个系列的病毒,每次关机之前总能扫描到30个,个个打不死的,很着急呀,现在人在国外,都没有人能帮忙的,希望大家能帮帮我.下面是我的日志.太长了，不好意思，我是菜鸟。。
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><; C:\WINDOWS\System32\ctfmon.exe> [Microsoft Corporation]
<Java Runtime Value><runjava.exe> []
<msnmsgr><; "C:\Program Files\MSN Messenger\msnmsgr.exe" /background> [Microsoft Corporation]
<svc><C:\WINDOWS\svchost.exe> []
<Skype><"D:\DownLoads\Phone\Skype.exe" /nosplash /minimized> []
<MSNShell><D:\DownLoads\MSNShell\BIN\MSNShell.exe autorun> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices]
<Java Runtime Value><runjava.exe> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<Cmaudio><RunDll32 cmicnfg.cpl,CMICtrlWnd> []
<SoundMAXPnP><C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe> [Analog Devices, Inc.]
<SoundMAX><"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray> [Analog Devices, Inc.]
<ATIPTA><rem C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe> []
<SynTPLpr><C:\Program Files\Synaptics\SynTP\SynTPLpr.exe> [Synaptics, Inc.]
<SynTPEnh><C:\Program Files\Synaptics\SynTP\SynTPEnh.exe> [Synaptics, Inc.]
<YDTMain.exe><rem C:\PROGRA~1\YDT\YDTMain.exe> []
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<yassistse><"C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"> [Yahoo!]
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> []
<spoolsv><C:\WINDOWS\System32\spoolsv\spoolsv.exe -printer> [广州傲讯信息科技有限公司]
<mscfs><RUNDLL32 C:\WINDOWS\System32\msibm\cfsys.dll,cfs> []
<kc32update><rundll32 C:\WINDOWS\System32\kc32update.dll,AppMain> []
<SurfAccuracy><C:\Program Files\SurfAccuracy\SAcc.exe> []
<ReJf5vH><C:\WINDOWS\rybyndev.exe> []
<BigDog303><C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)> []
<RavTask><"D:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<SVCHOST><C:\WINDOWS\System32\SVCH0ST.EXE> []
<17lelestart><C:\Program Files\VisionNet\17lele\system\play.exe 17LELEMIN> []
<RichMedia><C:\WINDOWS\System32\Rundll32.exe "C:\PROGRA~1\hbclient\HBHelper.dll",WaitWindows> [Shanghai Henbang Technology Co., Ltd]
<CnsMin><Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32> [北京三七二一科技有限公司]
<YLive.exe><C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe> [ ]
<system><C:\WINDOWS\System32\inetlnfo.exe> []
<helper.dll><C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<DTService><rundll32.exe C:\DOCUME~1\vivi\LOCALS~1\Temp\XP158T~1.DLL,Load> []
<ip_sec><rundll32.exe C:\PROGRA~1\COMMON~1\system\msdc32.dll,_S1> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><EXPLORER.EXE> [Microsoft Corporation]
<Userinit><C:\WINDOWS\System32\Userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><TopThemesLogonUI.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
<{74F8B7BF-1576-4268-B90C-B77BDB6B783A}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\MsInfo.rr> []
<{08315C1A-9BA9-4B7C-A432-26885F78DF28}><> []
<{5EED7056-B89D-4DE8-A060-D285EA746799}><C:\SPY_WOOOL\SPY_DLL.dll> []
<{7A238B14-A6F1-11E0-9A84-00C04FD8DBF8}><C:\WINDOWS\System32\RunCpl.DLL> []
<{99F1D023-7CEB-4586-80F7-BB1A98DB7602}><C:\Program Files\Internet Explorer\IEXPLORE.Sys> []
<{CF49F9F2-A8D3-464F-83EC-6AFC6573C267}><C:\WINDOWS\System32\inetinfo.dll> []
<{7A238B14-A6F1-11E0-9A84-00C04FD8DBD8}><C:\WINDOWS\System32\system.dll> []
<{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><C:\WINDOWS\downlo~1\CnsHook.dll> [北京三七二一科技有限公司]

==================================
启动文件夹
[Microsoft Office]
<C:\Documents and Settings\All Users.WINDOWS\「开始」菜单\程序\启动\Microsoft Office.lnk><N>

==================================
服务
[ACU Configuration Service / ACS]
<C:\WINDOWS\System32\acs.exe><N/A>
[Ati HotKey Poller / Ati HotKey Poller]
<C:\WINDOWS\System32\Ati2evxx.exe><N/A>
[Cisco Systems, Inc. VPN Service / CVPND]
<D:\DownLoads\cvpnd.exe><Cisco Systems, Inc.>
[System Event Logger / DiRVIn]
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
[IBM PM Service / IBMPMSVC]
<C:\WINDOWS\System32\ibmpmsvc.exe><N/A>
[ClipManage / MouTALS]
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
[RegSrvc / RegSrvc]
<C:\WINDOWS\System32\RegSrvc.exe><Intel Corporation>
[Remote Lo / Remote Log]
<system32\ServeHost.exee><N/A>
[Rising Process Communication Center / RsCCenter]
<"D:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"D:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Spectrum24 Event Monitor / S24EventMonitor]
<C:\WINDOWS\System32\S24EvMon.exe><Intel Corporation>
[SoundMAX Agent Service / SoundMAX Agent Service (default)]
<C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
[IBM KCU Service / TpKmpSVC]
<C:\WINDOWS\system32\TpKmpSVC.exe><N/A>

==================================

ilovemocha - 2006-6-14 23:14:00

==================================
浏览器加载项
[wmpdrm]
{0E674588-66B7-4E19-9D0E-2053B800F69F} <C:\WINDOWS\System32\wmpdrm.dll, N/A>
[AntiFish Class]
{38928D50-8A48-44C2-945F-D2F23F771410} <C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll, Yahoo.>
[DragSearch BHO]
{62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, >
[]
{A9930D97-9CF0-42A0-A10D-4F28836579D5} <E:\KuGoo3DownXControl.ocx, N/A>
[HBObject Class]
{AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} <C:\PROGRA~1\hbclient\HBHelper.dll, Shanghai Henbang Technology Co., Ltd>
[Webacc Class]
{CAC068F3-A608-406B-8581-458788A67694} <C:\WINDOWS\System32\svchost.dll, >
[CnsHook Class]
{D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\WINDOWS\downlo~1\CnsHook.dll, 北京三七二一科技有限公司>
[]
{ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A>
[]
{FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\System32\LegitCheckControl.DLL, Microsoft Corporation>
[YInstStarter Class]
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} <C:\Program Files\Yahoo!\Common\yinsthelper.dll, Yahoo! Inc.>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\System32\wuweb.dll, Microsoft Corporation>
[MUWebControl Class]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\System32\muweb.dll, Microsoft Corporation>
[HbtInstObj]
{8C875948-9C60-4381-9248-0DF180542D53} <C:\WINDOWS\Downloaded Program Files\HbInstIE.dll, Hotbar.com Inc.>
[MsnMessengerSetupDownloadControl Class]
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} <C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[SAIX]
{DECEAAA2-370A-49BB-9362-68C3A58DDC62} <C:\WINDOWS\Downloaded Program Files\SAIX.dll, N/A>
[使用KuGoo3下载(&K)]
<E:\KuGoo3DownX.htm, N/A>

ilovemocha - 2006-6-14 23:15:00

==================================
正在运行的进程
[PID: 1224][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 1368][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1392][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.1557 (xpsp2_gdr.040517-1325)>
[PID: 1436][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1448][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 1620][C:\WINDOWS\System32\ibmpmsvc.exe] <N/A><N/A>
[PID: 1688][C:\WINDOWS\System32\Ati2evxx.exe] <N/A><N/A>
[PID: 1724][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 200][D:\Program Files\Rising\Rav\CCenter.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 240][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 364][C:\WINDOWS\System32\S24EvMon.exe] <Intel Corporation ><8, 1, 0, 49a>
[PID: 476][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 916][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 976][D:\Program Files\Rising\Rav\Ravmond.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 22>
[D:\Program Files\Rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
[D:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[D:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[D:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\Program Files\Rising\Rav\RsLog.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 20>
[D:\Program Files\Rising\Rav\HOOKSYS.dll] <Rising><18, 1, 0, 9>
[D:\Program Files\Rising\Rav\Scanner.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 30>
[D:\Program Files\Rising\Rav\libload.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[D:\Program Files\Rising\Rav\VirusLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[D:\Program Files\Rising\Rav\regmon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[D:\Program Files\Rising\Rav\HookWeb.dll] <rising><18, 0, 0, 1>
[D:\Program Files\Rising\Rav\MemMon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
[D:\Program Files\Rising\Rav\expscan.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\Program Files\Rising\Rav\mPorts.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
[D:\Program Files\Rising\Rav\MailMon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[D:\Program Files\Rising\Rav\SpamEng.dll] <N/A><18, 0, 0, 6>
[D:\Program Files\Rising\Rav\engine.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 28>
[D:\Program Files\Rising\Rav\PostTrt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
[D:\Program Files\Rising\Rav\UnExe.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[D:\Program Files\Rising\Rav\ScanExec.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[D:\Program Files\Rising\Rav\ScanEx.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[D:\Program Files\Rising\Rav\NvFile.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
[D:\Program Files\Rising\Rav\ScanMac.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
[D:\Program Files\Rising\Rav\ScanSct.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 15>
[D:\Program Files\Rising\Rav\Unpacker.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[D:\Program Files\Rising\Rav\RsStore.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[D:\Program Files\Rising\Rav\ExtOLE.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[D:\Program Files\Rising\Rav\ExtMail.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[PID: 1592][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.1699 (xpsp2.050610-1533)>
[C:\WINDOWS\system32\CNMLM75.DLL] <CANON INC.><1.90.2.20>
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD75.DLL] <CANON INC.><1.90.2.20>
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNMUI75.DLL] <CANON INC.><1.90.2.20>
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNMDR75.DLL] <CANON INC.><1.90.2.20>
[PID: 1276][C:\WINDOWS\System32\Rundll32.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[C:\WINDOWS\downlo~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 2>
[C:\WINDOWS\downlo~1\CnsMinIO.dll] <北京三七二一科技有限公司><1, 0, 3, 6>
[C:\WINDOWS\downlo~1\cnsio.dll] <北京三七二一科技有限公司><1, 0, 2, 7>
[PID: 1808][C:\WINDOWS\Explorer.exe] <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)>
[C:\WINDOWS\downlo~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 2>
[C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
[C:\WINDOWS\downlo~1\CnsHook.dll] <北京三七二一科技有限公司><1, 0, 2, 7>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasnoad.dll] <><1, 1, 4, 1006>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yzsNetProto.dll] <Yahoo><1, 0, 0, 1>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 1, 1018>
[C:\WINDOWS\System32\msicn\msibm.dll] <广州傲讯信息科技有限公司><2, 0, 0, 1>
[C:\WINDOWS\System32\svchost.dll] <><1, 0, 0, 1>
[C:\WINDOWS\System32\msicn\plugins\bse.dll] <广州傲讯信息科技有限公司><2, 0, 0, 1>
[C:\WINDOWS\System32\msicn\plugins\lup.dll] <N/A><N/A>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrepair.dll] <Yahoo><1, 0, 6, 1319>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasfsks.dll] <3721.com><2, 1, 1, 87>
[c:\progra~1\yahoo!\assist~1\assist\yadfil~1.dll] < ><1, 0, 3, 1002>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yoptimum.dll] <Yahoo><1, 0, 1, 1001>
[C:\PROGRA~1\yahoo!\assistant\Shell\yAssecblk.dll] <Yahoo><1, 0, 2, 1002>
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yXPStyle.dll] <Yahoo><1, 0, 2, 1309>
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNMUI75.DLL] <CANON INC.><1.90.2.20>
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNMDR75.DLL] <CANON INC.><1.90.2.20>
[C:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll] <><2, 1, 5, 1045>
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ywiper.dll] <N/A><1, 0, 1, 1014>
[C:\PROGRA~1\Yahoo!\Common\ymmapi.dll] <Yahoo! Inc.><2004, 11, 23, 1>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll] < ><2, 0, 1, 1007>
[D:\DownLoads\MSNShell\BIN\ShellDll.dll] <N/A><N/A>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL] <><1, 2, 7, 1006>
[E:\KuGoo3DownXControl.ocx] <N/A><N/A>
[D:\Program Files\ActiveX\PDFShell.dll] <Adobe Systems, Inc.><7.0.0.0>
[PID: 1920][D:\DownLoads\cvpnd.exe] <Cisco Systems, Inc.><4.8.00.0440>
[C:\WINDOWS\System32\vsdata.dll] <Zone Labs LLC><5.5.062.011>
[C:\WINDOWS\System32\VSINIT.dll] <Zone Labs LLC><5.5.062.011>
[PID: 656][C:\WINDOWS\SYSTEM32\RUNDLL32.EXE] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 672][C:\WINDOWS\SYSTEM32\RUNDLL32.EXE] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 940][C:\WINDOWS\System32\RegSrvc.exe] <Intel Corporation><8, 1, 0, 49a>
[PID: 304][C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe] <Analog Devices, Inc.><3, 2, 6, 0>
[PID: 540][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 624][C:\WINDOWS\system32\TpKmpSVC.exe] <N/A><N/A>
[PID: 636][C:\WINDOWS\System32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)>
[PID: 196][D:\Program Files\Rising\Rav\RsAgent.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
[C:\WINDOWS\downlo~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 2>

ilovemocha - 2006-6-14 23:15:00

[D:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 1, 1018>
[C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
[C:\WINDOWS\downlo~1\CnsHook.dll] <北京三七二一科技有限公司><1, 0, 2, 7>
[PID: 1660][C:\WINDOWS\msagent\AgentSvr.exe] <Microsoft Corporation><2.00.0.3422>
[C:\WINDOWS\downlo~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 2>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 1, 1018>
[D:\DownLoads\MSNShell\BIN\ShellDll.dll] <N/A><N/A>
[PID: 2844][C:\WINDOWS\System32\ctfmon.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[C:\WINDOWS\downlo~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 2>
[C:\WINDOWS\System32\msicn\msibm.dll] <广州傲讯信息科技有限公司><2, 0, 0, 1>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 1, 1018>
[PID: 1156][D:\Program Files\Rising\Rav\RavMon.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 19>
[D:\Program Files\Rising\Rav\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 24>
[D:\Program Files\Rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
[D:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[D:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[D:\Program Files\Rising\Rav\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\WINDOWS\downlo~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 2>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 1, 1018>
[PID: 1912][C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe] < ><2, 0, 0, 1002>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 1, 1018>
[C:\WINDOWS\downlo~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 2>
[C:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll] <><2, 1, 5, 1045>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll] < ><2, 0, 1, 1007>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Ynotifier.dll] <><1, 0, 0, 5>
[D:\DownLoads\MSNShell\BIN\ShellDll.dll] <N/A><N/A>
[PID: 4072][C:\WINDOWS\System32\Rundll32.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[C:\PROGRA~1\hbclient\HBHelper.dll] <Shanghai Henbang Technology Co., Ltd><1, 1, 3, 3>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 1, 1018>
[C:\WINDOWS\downlo~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 2>
[PID: 804][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 2272][D:\DownLoads\MSNShell\BIN\MSNShell.exe] <N/A><N/A>
[D:\DownLoads\MSNShell\BIN\ShellDll.dll] <N/A><N/A>
[C:\WINDOWS\downlo~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 2>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 1, 1018>
[PID: 3276][E:\Storm Codec\mplayerc.exe] <Gabest><6, 4, 8, 4>
[C:\WINDOWS\downlo~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 2>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 1, 1018>
[C:\WINDOWS\System32\msdmo.dll] <N/A><N/A>
[C:\WINDOWS\System32\ffdshow.ax] <N/A><1.0.2.24>
[E:\Storm Codec\Codecs\VSFilter.dll] <Gabest><1, 0, 0, 9>
[E:\Storm Codec\Codecs\mlcom.ax] <Moonlight Cordless Ltd><1, 5, 173, 41217>
[C:\WINDOWS\System32\DivXa32.acm] <Hacked With Joy !><4.1.00.3920>
[D:\DownLoads\MSNShell\BIN\ShellDll.dll] <N/A><N/A>
[PID: 2944][C:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)>
[D:\DownLoads\MSNShell\BIN\ShellDll.dll] <N/A><N/A>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 1, 1018>
[C:\PROGRA~1\Yahoo!\ASSIST~1\yscrblock.dll] <Yahoo><1, 0, 2, 1002>
[C:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll] <><2, 1, 5, 1045>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll] < ><2, 0, 1, 1007>
[C:\WINDOWS\System32\wmpdrm.dll] <N/A><2.0.0.1>
[C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll] <Yahoo.><1, 0, 2, 1002>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL] <><1, 2, 7, 1006>
[E:\KuGoo3DownXControl.ocx] <N/A><N/A>
[C:\PROGRA~1\hbclient\HBHelper.dll] <Shanghai Henbang Technology Co., Ltd><1, 1, 3, 3>
[C:\WINDOWS\System32\svchost.dll] <><1, 0, 0, 1>
[C:\WINDOWS\downlo~1\CnsHook.dll] <北京三七二一科技有限公司><1, 0, 2, 7>
[C:\WINDOWS\System32\msicn\msibm.dll] <广州傲讯信息科技有限公司><2, 0, 0, 1>
[PID: 2664][C:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)>
[D:\DownLoads\MSNShell\BIN\ShellDll.dll] <N/A><N/A>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 1, 1018>
[C:\PROGRA~1\Yahoo!\ASSIST~1\yscrblock.dll] <Yahoo><1, 0, 2, 1002>
[C:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll] <><2, 1, 5, 1045>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll] < ><2, 0, 1, 1007>
[C:\WINDOWS\System32\wmpdrm.dll] <N/A><2.0.0.1>
[C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll] <Yahoo.><1, 0, 2, 1002>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL] <><1, 2, 7, 1006>
[E:\KuGoo3DownXControl.ocx] <N/A><N/A>
[C:\PROGRA~1\hbclient\HBHelper.dll] <Shanghai Henbang Technology Co., Ltd><1, 1, 3, 3>
[C:\WINDOWS\System32\svchost.dll] <><1, 0, 0, 1>
[C:\WINDOWS\downlo~1\CnsHook.dll] <北京三七二一科技有限公司><1, 0, 2, 7>
[PID: 3964][C:\Program Files\WinRAR\WinRAR.exe] <N/A><N/A>
[D:\DownLoads\MSNShell\BIN\ShellDll.dll] <N/A><N/A>
[C:\WINDOWS\downlo~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 2>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 1, 1018>
[PID: 3976][C:\DOCUME~1\vivi\LOCALS~1\Temp\Rar$EX00.174\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[D:\DownLoads\MSNShell\BIN\ShellDll.dll] <N/A><N/A>
[C:\WINDOWS\downlo~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 2>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 1, 1018>

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

咻咻叶叶 - 2006-6-14 23:21:00

可以下个木马杀客试试,www.skycn.com有下载可以试

mopery - 2006-6-15 0:37:00

很乐意帮忙不过能扫个HijackThis么?
http://forum.ikaka.com/topic.asp?board=28&artid=8105899
下载HijackThis...把日志帖上来..

mopery - 2006-6-15 0:40:00

[ACU Configuration Service / ACS]
<C:\WINDOWS\System32\acs.exe><N/A>
[IBM PM Service / IBMPMSVC]
<C:\WINDOWS\System32\ibmpmsvc.exe><N/A>
[Remote Lo / Remote Log]
<system32\ServeHost.exee><N/A>
[IBM KCU Service / TpKmpSVC]
<C:\WINDOWS\system32\TpKmpSVC.exe><N/A>

安全模式...打开注册表编辑器，展开：HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
搜索 ACS IBMPMSVC Remote Log TpKmpSVC 删除...

删除
C:\WINDOWS\System32\acs.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\ServeHost.exee
C:\WINDOWS\system32\TpKmpSVC.exe

mopery - 2006-6-15 0:42:00

[System Event Logger / DiRVIn]
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
安全模式...打开注册表编辑器，展开：HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
搜索DiRVIn 删除..

删除
C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL

安全模式下删除 c:\winnt\system32\wbem\irjit.dll

mopery - 2006-6-15 0:43:00

<spoolsv><C:\WINDOWS\System32\spoolsv\spoolsv.exe -printer> [广州傲讯信息科技有限公司]
<mscfs><RUNDLL32 C:\WINDOWS\System32\msibm\cfsys.dll,cfs> []
参考：http://forum.ikaka.com/topic.asp?board=28&artid=7948848

mopery - 2006-6-15 0:44:00

还有其他问题扫个 HijackThis...

瑞星卡卡安全论坛